10/24/2005 -- Two years ago, Cisco Systems Inc. released Network Admission Control (NAC). Since then, NAC has developed into one of Cisco’s most successful efforts. If the NAC-related news Cisco trumpeted last week is any indication, the networking giant has no intention of sitting on its laurels.

Cisco announced new versions of bread-and-butter NAC components like the Cisco Trust Agent and Cisco Access Control Server, both of which were due for a refresh. But the networking giant also firmed up the delivery time table for its (long-awaited) NAC-enabled Catalyst switching platforms, which will be available by next month. On top of that, Cisco announced several partnerships that could help extend the NAC framework to unmanaged network devices.

Not bad for a week’s worth of work.

Andrew Braunberg, a senior analyst for information security and data warehousing with consultancy Current Analysis, likes where Cisco’s going with NAC. "These are important announcements for Cisco, because they significantly expand the number of Cisco network access devices that support NAC, meeting a major commitment of the Phase 2 NAC roll out," he comments.

Braunberg is particularly excited about Cisco’s partnerships with security, compliance and configuration management vendors Altiris, Symantec and Qualys, which should help extend NAC support to unmanaged devices. "The ability to control access of unmanaged devices through the framework is also a key development that eliminates a major point of differentiation with competitive solutions," he writes. "Cisco is describing these new partners as agentless audit venders, but they should be thought of as vulnerability management and policy compliance vendors." For example, says Braunberg, these vendors are leading Change Management Database (CMDB) vendors, which is important because CMDBs act as authoritative sources of device state information. "They would therefore seem to be well positioned to act as universal policy servers within the NAC framework. Indeed, these solutions can add value in both managed and unmanaged scenarios," he explains.

More than anything else, Braunberg suggests, Cisco's NAC refresh once again turns up the heat on competitors. "These announcements will again put competitors, both network equipment vendors and pure play security vendors, on the defensive. Cisco has reached some major milestones with these announcements and eliminated several concerns with the framework. This will make it more difficult for smaller pure play vendors to differentiate themselves from Cisco’s framework solution." -Stephen Swoyer